Best Practice Guide

Key Risk Indicators what does good look like?

1. Key Risk Indicators (KRIs) are being used to monitor potential changes to our
key risks and/or identify emerging risks, enabling pre-emptive treatment actions.
2. Quantitative and/or qualitative KRIs are used as appropriate to the context and
the risk itself.
3. KRIs are determined or approved by the owner of the risk, and match the risk or
risk event.
4. KRIs are linked to multiple risks wherever possible.
5. A balanced selection of measurable KRIs has been identified covering: trends;
early warning indicators; risk trigger points; and control effectiveness.
6. KRIs are identified as soon as possible after a decision to treat the risk has
been made, and are included in the monitoring and review process.
7. The KRI objectives and their measurements are well defined.
8. KRI thresholds or tolerances are determined or approved by senior
management and/or the risk owner.
9. KRI monitoring and reporting frequencies are established.
10. KRI data is collected automatically wherever possible.
11. When reporting, wherever possible, KRI data is aggregated and used as trend
information (dashboards etc.).

Author: Frank Davies - Manager, Enterprise Risk Management, NSW Department of Education and
Communities;
Chair, Public Sector Risk Management Association.

This has been created and endorsed by the PSRMA committee of:
Frank Davies, Phil O'Toole, Grahame Irvine, Gary Zuiderwyk, Judy Robinson, Dianne Sales, Rebecca
Angelkovic,, Hakan Harman, Deborah Allen, Megan Clark, Mani Eswaran, Natasha Hallifax, Kim Paull,
Peter Seligman, Meredith Sturman

V1.0 June 18, 2013